Everyone makes mistakes. The problem for businesses is that cybersecurity mistakes can often lead to data breaches, service outages, and other issues that severely impact the continued viability of the company. Yet, businesses can learn from their network security mistakes and come out stronger for them.
But, what should we call a lapse in cybersecurity that is so big, no single mistake can cover it? What happens when there are systemic issues in the organization that keep it from achieving the basic level of cybersecurity protection that it needs?
The term “cybersecurity sins” seems appropriate for systematic issues in an organization that are so major that they cannot be considered simple security mistakes. To illustrate these issues, here’s a list of the “Deadly Cybersecurity Sins” that businesses should avoid:
Wrath, or the emotion of anger combined with the desire to cause harm, is a natural reaction to a cyberattack. It’s perfectly normal to want to track down the culprit behind a network security breach and make them pay for the damage done.
However, blindly lashing out and wasting time trying to assign blame before trying to contain and eliminate a breach is counterproductive. When organizations focus too much on trying to punish a culprit instead of recovering from an attack, it can delay critical incident response plan (IRP) steps meant to mitigate the damage a breach can cause.
Gluttony is all about overconsumption. Greed is about constantly wanting more. Both can lead to taking on more than you can reasonably handle. One common reason that companies have major flaws in their network security architecture is that they take on more than they can effectively manage with the resources at their disposal.
For example, many companies carry out large-scale mergers where one partner assumes control of the other’s entire IT infrastructure all in one go. Without sufficient preparation, this cybersecurity mistake can lead to major security gaps in the merged company’s network.
The best way to avoid these cybersecurity sins is to remember to take things in moderation—and to have a plan in place for managing all of your network assets before taking on new responsibilities.
Envy is about wanting what other people—or, in this case, other companies—have. Lust is an intense desire for something regardless of whether it would be good for you to pursue it. Whether it’s a specific cybersecurity device, business model, or other technology solution, envy of others or lust for a new tool can lead to some easily-avoidable security mistakes.
Adopting a new technology or business model simply because it seems to be working for another organization is not necessarily a good idea. What works for others may not be suitable for your own needs—especially when considering new network security tools.
Remember, cybersecurity is not a device—it’s a systematic approach to protecting your network from attack that uses specific tools and strategies. Adding the wrong network security tool or IT asset to your network can compromise your cybersecurity or negatively impact business workflows. So, don’t feel pressured to “keep up with the Joneses” when it comes to your network assets and cybersecurity tools.
Instead, check with your cybersecurity experts to see if a new tool or network asset would be more of a help than a hindrance.
Sloth can be defined as a lack of emotion, energy, or care that leads to inaction. All too often, a business can become incredibly slothful about their cybersecurity—failing to follow up on critical alerts and allowing cybersecurity breaches to remain unchallenged.
The problem may not be that the cybersecurity team doesn’t care about network security breaches. Instead, the problem is more often that they lack the tools or the bandwidth to deal with every alert that they get.
Another issue may be that there simply isn’t enough awareness about cybersecurity issues in the organization—leading employees to engage in behaviors that compromise network security for the organization.
Pride is the mother of some of the biggest cybersecurity mistakes that have occurred. Pride tells people that their network security is already perfect or that their company could never be the victim of a cyberattack that could actually hurt them. Pride, in other words, leads to complacency.
The unfortunate truth is that, no matter how good your current cybersecurity measures are, there is always a chance that an attack might succeed. It’s important to remain wary of potential harm from attacks and to raise awareness about cybersecurity issues in the organization.
Also, it is important to periodically review your network security and check for signs of a breach. Why? Because there’s always the risk that you have an unknown breach in progress. In fact, the Marriott breach went on for four years before it was detected—as noted by The Washington Post, “An unauthorized party accessed the reservation database of Starwood properties… from 2014 onward” before the breach was detected in 2018.
One of the most effective ways to avoid this particular cybersecurity sin is to conduct regular network security checkups to identify vulnerabilities and even active breaches.
Need help fixing systemic network security issues in your organization? Reach out to the team here at Compuquip Cybersecurity for help and advice.